← back
CVE-2010-1593

CVE-2010-1593

EPSS 2.6%
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.htmlhttp://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456http://open.silverstripe.org/changeset/97074http://open.silverstripe.org/wiki/ChangeLog/2.3.5http://osvdb.org/61921http://osvdb.org/61923http://secunia.com/advisories/38290http://secunia.com/advisories/38347https://exchange.xforce.ibmcloud.com/vulnerabilities/55838https://exchange.xforce.ibmcloud.com/vulnerabilities/55839http://www.securityfocus.com/archive/1/509139/100/0/threadedhttp://www.securityfocus.com/bid/37923